In modern computer networks multiple clients are networked together to allow the networked clients to share one or more resources coupled to the network. Resources may be servers, files, WebPages, or may simply include responses to requests made by a client. For example, the multiple computers may be clients that are coupled through a network to one or more printers (one type of resource) that the computers may access in order to print out paper documents. In various arrangements, a server may provide computer services that allows the multiple clients to make connections to these shared resources. In addition, servers, referred to as proxy servers, may allow the multiple clients to make network connections to other computers or to other servers over a network such as the Internet.
It may be desirable in some arrangements to have all requests for resources available through the network to be controlled based on security or usage policies determined for the clients, either on an individual basis, or as a group, or both. In some instances, the policies may limit the access a client is allowed to have with respect to one or more particular resources. In some instances, a group of clients may have a security policy that prevents the clients from accessing resources outside a particular network of resources. For example, a group of clients may be allowed only to access resources on a local network, and may be blocked from accessing resources external to the local network.
In other instances, it may be desirable to allow a client or a group of clients to have access to one or more resources provided over the Internet, but the types of resources that can be accessed may be screened or limited by the security and usage policies. For example, a school having student work stations coupled to the Internet may want to allow students using the work stations to have access to web sites determined to be educational, but may also want to screen for and block requests made by a student for a resource or web site on the Internet that may be deemed inappropriate by the security and usage policies applied to the work stations. In addition, other work stations, for example work stations used by teachers or school administrators, may also be coupled to the Internet but may have a different set of security and usage policies applied to these work stations.
In general, in order to enforce the security or usage policies, requests from each client to be regulated are directed to a proxy server that is capable of providing scanning and control of the requests based on the applicable security and usage policies for the requesting client. The proxy server will scan each of the client requests and determine for each request if the requesting client is to be granted access to the requested resource based on the secure and usage policies. If access is allowed, the proxy server will allow the connection to occur, or if the access is not allowed, the proxy server can block the access by denying the request for the resource.
The use of a proxy server has the disadvantage that each client must be configured to address all requests for resources to the proxy server. As new clients are added, the new clients must be configured to direct all requests from the new client to the proxy server, adding to the setup complexity and cost of adding new clients. In addition, a client may attempt to bypass the proxy server by addressing requests directly to a resource rather than to the proxy server. In some instances, these requests may be addressed to resources that violate the security and usage policies for the client making the request.